Confidential Information

By Sankaranand Balaradjou (Unlicensed)
3 min

We love it when you share what you do. Yet please always keep in mind that some of the work that we produce for customers is confidential per non-disclosure agreements and cannot be shared as-is. To protect customer’s security and Axelerant legally, sensitive information like the customer’s name, site, URLs, administrative access, passwords, and secret keys shouldn’t exist outside of the project itself.

Before sharing publicly, check the Master Project Reference or alternately the archived Axelerant Projects for confidentiality status before directly naming an organization or engagement.

On the legal side, all data in any mode, electronic or otherwise, produced on behalf of Axelerant is property of Axelerant. Any misuse of data could be considered theft, and the violator is held liable.

Confidentiality Reminders

Please ensure that the following safety steps are read, understood, and agreed upon by you before working on any project. When violations happen, please take corrective action immediately besides reporting such to your leadership.

  • Ensure only a fork of the project repository is used.

    • Do not push the code to any personal repositories, even private ones.

    • The code should not be stored anywhere other than the approved, provisioned repository's fork.

    • E.g., No Google drive, no private repositories, no external drives.

  • Never download any production database even when you have access to the live environment. Work with Client Staff Engineer/Architect and Project Manager for access.

  • Avoid copy-pasting from customer projects. Adapt it afresh.

    • Please do not use any code or assets from any Axelerant client projects in your personal projects.

    • Only open-source code with written consent from a Client representative via Axelerant Customer Success Manager.

  • Never commit identifying information or secrets. When you accidentally commit, overwrite your commits or rebase your histories.

    • Never commit API keys, SSH keys, passwords, secrets, or other sensitive data to a codebase repository.

    • When such data is to be committed, work with client-side staff engineer/architects or Axelerant PM + DevOps to determine the suitable approach for such needs.

  • Ensure there is no sensitive information in commit messages or other metadata, such as company author/committer name/email.

  • When you’re sharing internally, make sure the project is marked internal or private because search engine spiders check public projects.

  • Don’t use public gists to share confidential information and snippets which contain identifying information. Use an internal Jira comment, a private Confluence page, or a limited access Google document instead.

    • Do not use any third-party tools like Codepen, Pastebin, etc., to share or store (even temporarily) any code from client projects.

  • Check whether a project is marked as confidential in the Axelerant Skills Cloud before sharing customer and project names in your resume.

    • Team members should agree that they will not mention client name or logo or other client trademarks, use any sensitive, confidential data anywhere on Linkedin or anywhere on the web, in their CVs, camp sessions, or anywhere in the public, private domain.

  • Follow the Secure Project Closure process at the end of an engagement.

    • Ensure that all local repositories and forks of team members are removed and all accesses to customer environments, hosted instances (Acquia cloud, AWS, Pantheon) are revoked.

  • Any loss or theft of any laptop containing Client code should immediately report client information to Axelerant SM/PM and Client PM.